FBI (April 7) ISIL Defacements Exploiting WordPress Vulnerabilities. Continuous Web site defacements are being perpetrated by individuals sympathetic to the Islamic State in the Levant (ISIL) a.k.a. Islamic State of Iraq and al-Shams (ISIS). The defacements have affected Web site operations and the communication platforms of news organizations, commercial entities, religious institutions, federal/state/local governments, foreign governments, and a variety of other domestic and international Web sites. Although the defacements demonstrate low-level hacking sophistication, they are disruptive and often costly in terms of lost business revenue and expenditures on technical services to repair infected computer systems. Click here for the full alert.

The FBI is warning U.S. companies that cyber terrorists from the Middle East and North Africa are planning to conduct cyber-attacks against Israeli and Jewish interests next week. The Bureau stated in a security notice to U.S. industry on Sunday that, as of early March, “several extremist hacking groups indicated they would participate in a forthcoming operation, #OpIsrael, which will target Israeli and Jewish Web sites.”

“Given the perceived connections between the government of Israel and Israeli financial institutions, and those of the United States, #OpIsrael participants may also shift their operations to target vulnerable U.S.-based financial targets or Jewish-oriented organizations within the United States,” the FBI warning said.

The FBI predicts that the threat to U.S.-based infrastructure from the coming cyber attack is low for well-maintained and updated networks. So, make sure that your techies and hosts maintain and update your systems.

The FBI said members of at least two extremist hacking groups it did not identify are currently working to recruit hackers for the attacks next week. The hacker group Anonymous this week also threatened an “electronic Holocaust” in a video statement.

The FBI estimated that the threat to U.S.-based infrastructure from the coming cyber attack is low for well-maintained and updated networks. However, as part of its program to notify private industry of major cyber threats, the FBI is notifying several possible targets.

OK, you’ve heard it over and over…don’t click on unknown links. Well, people, even smart people, don’t listen. You get an email from someone that you know, click on what is said to be a “secure” link and your adventure begins.

Here’s the bait. It looks official. People click and type in their password, giving their email account and contacts to hackers.

Now the phisher has you lured in. You’re asked to sign in. A nasty bot takes control of your computer, steals your contact list and sends everyone on your list an invitation to become infected.

Recommendations:

Look at the illustration at the top of this email. Be aware.

Do not followunsolicited web links in email messages or submit any email account or password information to unknown webpages in links.

US-CERT and DHS encourage users and administrators experiencing a ransomware infection NOT to respond to extortion attempts by attempting payment and instead to report the incident to the FBI at the Internet Crime Complaint Center (IC3).

Here are some free resources to see if your computer is infected (from STOP. THINK. CONNECT.™ the global cybersecurity awareness campaign to help all digital citizens stay safer and more secure online. – See more at: http://www.stopthinkconnect.org/)

The escalating drumbeat for military action naturally leads to questions about possible terrorism here in New York. Note: as of today there are no specific, credible threats against New York or the Jewish community. Nevertheless, all Jewish organizations should review their security and emergency preparedness plans to ensure that they are up-to-date and that they can be readily implemented. Some specifics:

High Holidays

If you are an organizations hosting High Holiday services and/or programs you should:

Notify your local police about all planned services and programs. Discuss the number of people expected at each service and ask them for any suggestions that could improve your security and emergency preparedness plans.

Review your security and emergency preparedness measures, especially access control, evacuation and lockdowns. Meet with your staff and volunteers and make sure that everyone is on the same page and knows what to do. Check the “High Holidays” category for more suggestions..

Potential for Cyberattacks

Last week the Syrian Electronic Army compromised the New York Times website and others. Western financial institutions are also targetted by others. We all should review our own cybersecurity because, in the past, anti-Israel hackers have attacked Jewish-related sites. See JCRC’s Cybersecurity Resources.

This week the FBI distributed the following:

The Syrian Electronic Army (SEA), a pro-regime hacker group that emerged during Syrian antigovernment protests in 2011, has been compromising high-profile media outlets in an effort to spread proregime propaganda. The SEA’s primary capabilities include spearphishing, Web defacements, and hijacking social media accounts to spread propaganda. Over the past several months, the SEA has been highly effective in compromising multiple high-profile media outlets.

The SEA has recently compromised high profile media Web sites through a new tactic of hacking third party networks – including a Domain Name System (DNS) registrar and a content recommendation website.

In April 2013, the SEA compromised the Twitter feed of the Associated Press, posting a false story that President Obama was injured, causing in a brief drop in the stock market.

In addition to Syrian hackers, groups or individuals sympathetic to the SEA may also be observed participating in CNO efforts against US Web sites and networks.

In general, hacktivism cyber attacks may result in denial of service, Web site defacements, and the compromise of sensitive information which may lead to harassment and identify theft. Although the specific OpUSA claims referenced above speak specifically to DDoS attacks, precautionary measures to mitigate a range of potential hacktivism threats include:

Implement a data back-up and recovery plan to maintain copies of sensitive or proprietary data in a separate and secure location. Backup copies of sensitive data should not be readily accessible from local networks.

Have a DDoS mitigation strategy ready ahead of time and keep logs of any potential attacks.

Scrutinize links contained in e-mail attachments.

Regularly mirror and maintain an image of critical system files.

Encrypt and secure sensitive information.

Use strong passwords, implement a schedule for changing passwords frequently and do not reuse passwords for multiple accounts.

Enable network monitoring and logging where feasible.

Be aware of social engineering tactics aimed at obtaining sensitive information.

Securely eliminate sensitive files and data from hard drives when no longer needed or required.

Establish a relationship with local law enforcement and participate in IT information sharing groups for early warnings of threats.

Pro-Palestinian hackers managed to deface the web site of The Jewish Chronicle in London, but didn’t make it into the newspaper’s file system. The cyberattack apparently protested Israel’s blockade of the Gaza Strip. The Chronicle said the attackers defaced a virtual file system that was cleared by rebooting. The attackers may be based in Turkey. more. . .

Get more information to secure your Jewish institution at www.jcrcny.org/security.